mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
41 lines
1.6 KiB
Markdown
41 lines
1.6 KiB
Markdown
# Requirements
|
|
None, Trivy uses Google Cloud SDK. You don't need to install `gcloud` command.
|
|
|
|
# Privileges
|
|
Credential file must have the `roles/storage.objectViewer` permissions.
|
|
More information can be found in [Google's documentation](https://cloud.google.com/container-registry/docs/access-control)
|
|
|
|
## JSON File Format
|
|
The JSON file specified should have the following format provided by google's service account mechanisms:
|
|
|
|
```json
|
|
{
|
|
"type": "service_account",
|
|
"project_id": "your_special_project",
|
|
"private_key_id": "XXXXXXXXXXXXXXXXXXXXxx",
|
|
"private_key": "-----BEGIN PRIVATE KEY-----\nNONONONO\n-----END PRIVATE KEY-----\n",
|
|
"client_email": "somedude@your_special_project.iam.gserviceaccount.com",
|
|
"client_id": "1234567890",
|
|
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
|
|
"token_uri": "https://oauth2.googleapis.com/token",
|
|
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
|
|
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/somedude%40your_special_project.iam.gserviceaccount.com"
|
|
}
|
|
```
|
|
|
|
# Usage
|
|
If you want to use target project's repository, you can set them via `GOOGLE_APPLICATION_CREDENTIALS`.
|
|
```bash
|
|
# must set TRIVY_USERNAME empty char
|
|
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credential.json
|
|
```
|
|
|
|
# Testing
|
|
You can test credentials in the following manner (assuming they are in `/tmp` on host machine).
|
|
|
|
```bash
|
|
docker run -it --rm -v /tmp:/tmp\
|
|
-e GOOGLE_APPLICATION_CREDENTIALS=/tmp/service_account.json\
|
|
aquasec/trivy image gcr.io/your_special_project/your_special_image:your_special_tag
|
|
```
|